b'                      SPECTO\n                 IN            R\n             F                     G\n         O                             E\n     E\n\n\n\n\n                                       N\n     C\n\n\n\n\n                                           E\nFI\n\n\n\n\n                                           RA\nOF\n\n\n\n\n                                               L\n                                                   OFFICE OF INSPECTOR GENERAL\n                                                       EXPORT-IMPORT BANK\n                                                        of the UNITED STATES\n\n\n\n\n           Fiscal Year 2012\n     Information Security Program\n          and Practices Audit\n\n\n                                                                 March 22, 2013\n                                                                  OIG-AR-13-04\n\x0cTo:         Fernanda Young\n            Chief Information Officer\n\nFrom:       Rebecca Sharek\n            Assistant Inspector General for Audits\n\nSubject:    Fiscal Year 2012 Information Security Program and Practices Audit\n\nDate:       March 22, 2013\n\n\nThis memorandum transmits Audit Report OIG-AR-13-04, \xe2\x80\x9cIndependent Audit of\nExport-Import Bank\xe2\x80\x99s Information Security Program for Fiscal Year 2012.\xe2\x80\x9d Cotton &\nCompany LLP, under a contract issued by the Office of Inspector General, performed\nthe audit. The objective of the audit was to determine whether the Export-Import\nBank (Ex-Im Bank) developed adequate and effective information security policies,\nprocedures, and practices in compliance with the Federal Information Security\nManagement Act of 2002 (FISMA).\n\nThe audit found that overall Ex-Im Bank continues to improve and strengthen its\ninformation security program and is addressing the challenges in each of the areas\nthat the Office of Management and Budget identified for the fiscal year 2012 FISMA\nreview. However, Ex-Im Bank is not compliant with all FISMA requirements. The\nreport contains three recommendations for corrective action. Management\nconcurred with the recommendations and we consider management\xe2\x80\x99s proposed\nactions to be responsive. The recommendations will be closed upon completion and\nverification of the proposed actions.\n\nWe appreciate the courtesies and cooperation extended during the audit. If you\nhave questions, please contact me at (202) 565-3169 or rebecca.sharek@exim.gov.\n\n\ncc:     Fred Hochberg, Chairman and President\n        John McAdams, Senior Vice President and Chief Operating Officer\n        Audit Committee\n        David Sena, Senior Vice President and Chief Financial Officer\n        Patricia Wolf, Controller\n        John Lowry, Director, Information Technology Security and System\n           Assurance\n\n\n\n\n                  811 Vermont Avenue, NW Washington, D.C. 20571\n\x0cOffice of Inspector General\nExport-Import Bank of the United States\n811 Vermont Avenue, NW\nWashington, DC 20571\n202-565-3908\nwww.exim.gov/oig\n\x0c'